Description: ------------ When passing a URL as the first parameter to $mdb2->quote, and 'clob' as the second parameter, it actually fetches the URL. Test script: --------------- print $mdb2->quote("http://www.bbc.co.uk", "clob"); Expected result: ---------------- It should print 'http://www.bbc.co.uk' Actual result: -------------- It prints the source of http://www.bbc.co.uk

Make sure the 'lob_allow_url_include' options is set to false

$mdb2->setOption('lob_allow_url_include', false); ??? still exhibits the same behaviour for me... Surely it should be set to false by default though, because it's a huge security hole... if you pass user input in, then they can access any file on the server - file:///etc/passwd and so on Am I missing something? :)

it *is* false by default... I can't try now, I don't have access to my dev machine. Would you mind trying the files in SVN, and see if it's fixed there? Thanks!

Hi - thanks for looking into this. We're using 2.5.0b2 and it seems to be true by default on this. Not sure how to try the files in SVN?

This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.